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DETAILED ACTION 

1 . The amendment of 4/21/05 has been received and entered. 

2. Claims 1-20 are pending. 

Response to Amendments 

3. In light of Applicant's amendment and arguments, the rejection under 35 USC 101 has 
been withdrawn. 

Applicant's arguments have been carefully considered, but are moot in view of the new grounds 
of rejection. 

However to address the issue as to the nature of the Object, it is the Examiner's position that an 
object as disclosed by Martin, in the field of Object oriented program, inherently discloses an 
"active entity". 

It is well known in the art of computer science that an object, in OOP is an instantiation of a 
class. Objects have their own internal functions, methods, procedures, data types, variables, and 
executable code. It is the object that interacts with other objects in an OOP paradigm. In the art 
of Computer Science, an object by definition is an active entity. 
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Applicant has also traversed the Official notice that representing rules as a filled paper form, 
including collected data and rules regarding collected data, was well known in the art at the time 
of invention. 

One common example is a legal contract. For example, the contract for a sale of a house would 
involve the collection of data(the names and signatures of the parties) and would thereby form 
the set of rules to apply to the collected data, (the rules of the contract would there be set for the 
members who signed) 



Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

5. Claims 1-20 are rejected under 35 U.S.C. 103(a) as being unpatentable over Martin, 
"Principles of Object Oriented Analysis and Design" (hereafter Martin). 
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In reference to claim 1 : 

(Martin, "Principles of Object Oriented Analysis and Design") discloses a method for handling 
personally identifiable information, said method comprising: 

• Providing in a computer a first set of object classes, where object classes are classes that 
are later to be instantiated into objects, (pages 23-24, "What is a Class?") 

• Representing active entities in an information-handling process, wherein a limited 
number of privacy-related actions represent operations performed on data, where the 
active entities are the objects themselves, and the privacy related actions-representing 
operations performed on data are the operations used to read and manipulate data of the 
object, (page 19, "operations") 

• Providing in said computer a second set of object classes representing data and rules in 
said information- handling process, wherein at least one object class has said rules 
associated with said data, and wherein said data represents said personally identifiable 
information, where objects are capable of representing data and rules in their 
interrelationships with other objects, (page 144, "Object Structure Analysis/ Object 
Behavior Analysis") 

• Processing transactions, in the data processing system, involving said personally 
identifiable information, using said computer and said first and second set of object 
classes, associated with personally identifiable information and defined by said rules, 
against one or more active entities represented by said first set of object classes, where 
transactions are performed in the interactions of the objects between one another, and the 
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examples of personally identifiable information are who the customers are, their salaries, 
and the employee type, (page 146-147, Diagrams). 

Martin fails to explicitly disclose a method wherein the first and second set of object classes 
enforce a privacy policy. 

However, the Examiner «wmrid notes that a privacy policy is defined by certain rules. As 
Applicant has recited in claim 1 ". . .to enforce a privacy policy, associated with the personally 
identifiable information and defined by said rules" 

Applicant's specification (page 11, lines 10-20) describes the composition and implementation of 
the privacy policy as such: 

"A privacy policy contains a set of rules that are specific to a data user such as 303 or 305. Each 
rule allows a privacy action on personal data within specified constraints. EPA defines twelve 
privacy actions. The privacy actions described by the policy rules define the purpose for which 
data can be utilized and disclosed." 

While Martin fails to explicitly disclose the use of objects to enforce a privacy policy, Martin 
does however clearly disclose the implementation of rules through active entities, (pages 134, 
138, 139, 140, page 144 Box 10.3). 
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With regard to the implementation of rules, Martin(page 133) teaches "Wherever possible, the 
code for systems should be generated from models that are easy for end users to understand and 
experiment with. The desired behavior of systems can with described with the help of rules. 
Business policies, for example, can be expressed in rules. . Using rules as a basis for the 
design of code is a fundamental concept of the object oriented programming paradigm. 

It would have been obvious to one of ordinary skill in the art at the time of invention to 
implement a privacy policy consisting of rules using active entities in order to more easily 
generate useful code that accurate reflects a particular policy. 

In reference to claim 2: 

(Martin, "Principles of Object Oriented Analysis and Design") discloses the method of claim 1, 
wherein said object classes include one or more object classes representing parties, selected from 
the group consisting of 

• A data user object class, where the student is the data user object class. (Page 158) 

• A data subject object class, where the subject object class is the class, (page 158) 

• A guardian object class, where the guardian object class is a stock withdrawal subsystem, 
(page 194) 

• A privacy authority object class, where the privacy authority class is a server class, (page 
192) 
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In reference to claim 3 : 

(Martin, "Principles of Object Oriented Analysis and Design") discloses the method of claim 1, 
wherein said at least one object class, having said rules associated with said data, (page 144, 
"Object Structure Analysis/ Object Behavior Analysis") 

(Martin, "Principles of Object Oriented Analysis and Design") fails to explicitly disclose 
representing the rules as a filled paper form, including both collected data and rules regarding 
said collected data. 

(Martin, "Principles of Object Oriented Analysis and Design") does however disclose that rules 
may be written in the English Language, (page 133-134, "Rules Expressed in English"). Martin 
discloses more rules on pages (138-139, Box 10.1 & 10.2) 

The Examiner takes official notice that representing the rules as a filled paper form, including 
both collected data and rules regarding said collected data was well known in the art at the time 
of invention. An example of this is a contract signed by certain parties. 

It would have been obvious to one of ordinary skill in the art at the time of invention to collect 
rules as a filled paper form. 



In reference to claim 4: 
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(Martin, "Principles of Object Oriented Analysis and Design") discloses the method, in a data 
processing system, for improving the handling of personally identifiable information, said 
method comprising: , 

• Performing, in the data processing system, an initial assessment of an information 
handling process, where the initial assessment is the analysis of the system to be modeled 
in an Object oriented process, (pages 59-60, "Models of Reality") 

• Constructing, in said data processing system, a model of said information handling 
process, based on said initial assessment, where the model of said information handling 
process is performed once an analysis has been made, (pages 59-60, "Models of 
Reality") 

• Providing output, from said data processing system, based on said initial assessment and 
constructing, that identifies at least one way in which said personally identifiable 
information could be better handled, where a particular technique in the refinement of the 
object model is the practice of using CRC cards to gain a better understanding about how 
to handle the model at hand. (Pages 187-190, "Responsibility driven design") 

• Wherein said constructing includes: 

• Representing entities, data, and rules in said information handling process by using a 
limited number of object classes, where objects represent entities, where the data are 
attributes of objects, and where rules are functions that typify the interaction between 
objects, (page 156, "models and diagrams") & (page 140, center diagram, 146-147, 
Diagrams) & (page 1 66) 
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• Representing operations performed on data by using a limited number of privacy-related 
actions, where the active entities are the objects themselves, and the privacy related 
actions-representing operations performed on data are the operations used to read and 
manipulate data of the object, (page 19, "operations") 

• Representing transactions by using said limited number of object classes and said limited 
number of privacy-related actions, where the transactions are interactions between the 
modeled objects, (Page 118, "Events triggers and Operations") and the request for data is 
a privacy related action, (page 19, "operations") 

In reference to claim 5 : 

(Martin, "Principles of Object Oriented Analysis and Design") discloses the method of claim 
wherein said providing output further comprises identifying at least one way in which said 
information-handling process could be improved, where a particular technique in the refinement 
of the object model is the practice of using CRC cards to gain a better understanding about how 
to handle the model at hand. (Pages 187-190, "Responsibility driven design") 

In reference to claim 6 : 

(Martin, "Principles of Object Oriented Analysis and Design") discloses the method of claim 4, 
wherein said providing output further comprises identifying at least one way to improve 
compliance with a law or contract, where the CRC method is a technique for better identifying 
responsibilities of the objects(page 188, "responsibilities and collaborators"), and it is known in 
the art that groups responsibilities are contracts, (page 191, "contracts") 
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Claims 7, 9 are rejected for the same reasons as claim 5. 
In reference to claim 8: 

(Martin, "Principles of Object Oriented Analysis and Design") discloses the method of claim 4, 
further comprising designing a modification to said information-handling process, based on said 
constructing and providing, where modifications are constantly being designed in the creation of 
the object oriented model of the system from the creation of the model, to the creation of its 
design, to the generation of the code, (page 60) 

Claim 10, 13, 16 are rejected for the same reasons as claim 2. 
Claims 12, 15 are rejected for the same reasons as claim 1. 
Claims 11, 14, 17 are rejected for the same reasons as claim 3. 

In reference to claim 18: 

(Martin, "Principles of Object Oriented Analysis and Design") (page 166) discloses the method 
of claim 1, wherein: 

A first active entity represented by a first object class in said first set of object classes is a first 
data user that requests said personally identifiable information from a data subject, where a first 
active entity is a student, represented by a person object (Figure 1 1.13 description) that requests 
personally identifiable information from a data subject, where the personally identifiable 
information is a registration. 



Application/Control Number: 09/884,311 
Art Unit: 2134 



Page 1 1 



In reference to claim 19: 

(Martin, "Principles of Object Oriented Analysis and Design") (page 166) discloses the method 
claim 18, further comprising: transforming, based on said rules, said personally identifiable 
information into a depersonalized format prior to providing said personally identifiable 
information to the second data user, where the registration information is in a depersonalized 
format, but is specific to a particular student when a student makes that registration. 

Claim 20 is substantially similar to claim 12 and is rejected for the same reasons. 

Conclusion 

6. THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time policy 
as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of the final action and the advisory action is not mailed under after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension pursuant to 37 CFR 
1 .136(A) will be calculated from the mailing date of the advisory action. In no event, however, 
will the statutory period for reply expire later than SIX MONTHS from the mailing date of this 
final action. 
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7. 



Any inquiry concerning this communication from the examiner should be directed to 



Thomas M Ho whose telephone number is (571)272-3835. The examiner can normally be 
reached on M-F from 9 : 3 0 AM - 6 : 00 PM. 

* 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, 

Gregory A. Morse can be reached on (571)272-3838. 

The Examiner may also be reached through email through ThomasJig^ 

Any inquiry of a general nature or relating to the status of this application or proceeding should 
be directed to the receptionist whose telephone number is (571)272-2100. 

General Information/Receptionist Telephone: 571-272-2100 Fax: 703-872-9306 
Customer Service Representative Telephone: 571-272-2100 Fax:703-872-9306 



May 7, 2005 



TMH 
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